Protecting Your Company from Email Fraud

AmCham-OSAC meeting discussed a financial fraud scheme the private sector needs to be aware of

By Gilang Ardana, Monday, December 18, 2017

US businesses operating in Indonesia need to be cautious of an email swindle involving Nigerian organized crime groups. That was the key message delivered at the AmCham-OSAC (Overseas Security Advisory Council) meeting on Dec. 13, 2017.

FBI legal attaché Joseph Callahan made the presentation, discussing how organized crime groups intercept communications between companies and vendors to obtain money by manipulating staff to transfer payment to different bank accounts.

“It all starts by someone in your office mistakenly clicking a link and the link directs the computer to install malware to allow the criminals to get access to your email and monitor your conversations with vendors,” he said.

“When it is time for the payment to happen, they will create a fake email account similar to your vendor’s email and jump in the conversation telling you that they have changed their bank account details.”

Callahan said that in Indonesia, the fraud is mostly done by Nigerian organized crime groups.

“It is trans-national crime, but in Indonesia, mostly the groups involved come from Nigeria.”

The financial fraud kill chain (FFKC) was introduced to the meeting as an immediate action companies can take to get their money back.

“The financial fraud kill chain is a partnership between law enforcement and financial entities whose purpose is to recover fraudulent funds wired by victims,” he said.

“The FFKC requests are coordinated through financial intelligence units (the Indonesian Financial Transaction Reports and Analysis Center (PPATK) and the US Financial Crimes Enforcement Network (FINCEN)), and the goal is to immediately freeze and reverse the illegal wire transfer.”

To prevent the mess in the first place, Callahan said companies should maintain good communication with customers and situational awareness, such as noting sudden changes in vendor bank accounts or emails. He also suggested a strong standard operating procedure on the verification of any bank changes and the downloading of attachments among staff.
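
One way to support the verification procedure suggested above, as an added example that is not from the presentation or the article: a mail-screening check that flags sender domains imitating a known vendor and any message asking to change bank details. The vendor domain, the sample messages, and all function names are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample data: domains of vendors already on file.
VENDOR_DOMAINS = {"acme-supplies.example"}

# Wording that signals a request to change payment details.
BANK_CHANGE = re.compile(
    r"\b(new|chang\w*|updat\w*)\b.{0,40}\b(bank|account|iban|swift)\b", re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Collapse character pairs that look alike on screen (rn/m, vv/w, 0/o, 1/l)."""
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        domain = domain.replace(fake, real)
    return domain

def classify_sender(from_header):
    """Return ('known'|'lookalike'|'unknown', matched vendor domain or None)."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in VENDOR_DOMAINS:
        return "known", domain
    for vendor in VENDOR_DOMAINS:
        if skeleton(domain) == skeleton(vendor) or edit_distance(domain, vendor) <= 2:
            return "lookalike", vendor
    return "unknown", None

def review_message(from_header, body):
    """Decide whether a payment-related message needs out-of-band verification."""
    status, vendor = classify_sender(from_header)
    flags = []
    if status == "lookalike":
        flags.append(f"sender domain imitates {vendor}")
    # A bank change is held even from a known domain: the real mailbox may be compromised.
    if BANK_CHANGE.search(body):
        flags.append("requests change of bank details")
    action = "hold: verify by phone number on file" if flags else "proceed"
    return action, flags
```

A held message is confirmed by calling the vendor on a number already on file, never one supplied in the email itself.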